Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1915
Views
0
Helpful
2
Replies

SD-WAN -- Management VPN 512 / Config Backups

jgardner150
Level 4
Level 4

‎01-11-2019 12:08 PM - edited ‎03-08-2019 05:33 PM

Got a two part question today...

 

1. I have seen lots of mention of VPN512 (management VPN) in documentation and presentations, but I have yet to see a practical use demonstrated. Does anyone have thoughts on best practice to use this / are people actually using it?

*I have take notice that the vManage and vSmart controllers have the ability to have an interface configured for this VPN, is this the only way to get direct management access to them via overlay network? (I'm using the hosted solution, so I'm currently only able to get them through the vManage SSH console right now).

 

2. Is anyone doing configuration backups? I am used to using something like Kiwi Cat Tools to SSH to devices and grab "show run", back that up and let me know about changes in the environment on a regular schedule (more people than just my self making changes on my team). I am using the hosted solution, so I am trusting that Cisco is covering the smoking hole scenario for the controllers, and the edge configurations live there in the templates.... I'm more worried about human error scenarios where I accidentally delete a policy and don't remember what was in it to recreate it, or the ability to look back at how something was configured when we knew it was in a working state and now its not (perhaps after an upgrade). Also just to be aware of what changes are happening, and yes I am aware of the audit log, but that's just telling me a change happened to some parent object, but not the details of what the actual changes were.

Labels:
0 Helpful
2 Replies 2

ekhabaro
Cisco Employee
Cisco Employee

‎01-11-2019 02:12 PM

1. from the documentation "VPN 512 must be present on all Viptela devices so that they are always reachable on the network."
in general, it's quiet common approach to used dedicated VRF/VPN for secure management purpose
2. you can backup configuration database with "request nms configuration-db backup path /home/admin/backup_path" on regular basis
0 Helpful

stefan.radovanovici
Level 1
Level 1
In response to ekhabaro

‎02-07-2019 01:41 PM

Regarding VPN 512, it only has meaning if the devices are on-prem and can be connected (via their VPN 512 interface) to some out-of-band management network. 

 

For remote (remote from your management infrastructure) devices VPN 512 is a bit useless and you have to use a management loopback or some such in a service VPN. Or you don't use that and your only option is to connect via the system IP from vmanage.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents